package xyz.jcat.web.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import xyz.jcat.auth.token.AccessTokenUtils;
import xyz.jcat.common.auth.UserContextHolder;
import xyz.jcat.common.web.Resp;
import xyz.jcat.web.WebUtils;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class DefaultLogoutSuccessHandler implements LogoutSuccessHandler {

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException, ServletException {
        String requestHeaderToken = request.getHeader(AccessTokenUtils.TOKEN_HEADER);
        String accessToken = AccessTokenUtils.getHeaderAccessToken(requestHeaderToken);
        AccessTokenUtils.removeAccessToken(UserContextHolder.getInstance().getUserId(), accessToken);
        WebUtils.writeJson(response, Resp.ok("退出登录成功"));
    }
}
